Nepali Girl - Trojan Analysis
Table Of Contents
Nepali Girl is an android trojan that has been spreading in Nepal for over a month through the WhatsApp messaging platform. This sophisticated piece of Trojan is designed to steal sensitive information from the mobile devices of its victims, compromising their privacy and security. The primary method of delivery for this trojan is through the popular messaging platform WhatsApp, where it is distributed by sending a message that contains a malicious link or app directly.
Once installed, the trojan app can trick the victim to gain access to sensitive permissions by displaying fake accessibility pages. Once the user provides permission on accessibility, this trojan can automatically grant itself permissions like read SMS, call, account, camera, contacts, microphone, storage can also be used to perform other actions or capabilities, such as downloading additional malicious applications or displaying unwanted contents, having network access, setting wallpaper, install shortcuts and much more.
Download Full Report
A similar app named “net.bitburst.pollpay.apk” discovered in Joesandbox was deemed malicious. Based on the research, the “NEPALI GIRL” app was developed from the previously identified malicious app, and identical permissions are required. Despite major changes, the program remains dangerous qualities and is targeted specifically at Nepal.
In conclusion, our analysis of the trojan android app NEPALI GIRL revealed that it is designed to collect and store data on a local internal storage, such as a database. This data is then transmitted at scheduled intervals. It was also observed that the trojan app has phishing capabilities as well, which can trick the user to provide sensitive information like login credentials, and other personal information. Furthermore, it was found that the application misuses the accessibility service of android devices to permit such sensitive permission itself which allows it to gain access to sensitive information even without users’ knowledge.
Overall, this trojan app poses a significant threat to user privacy and security, and it is recommended that users exercise caution when downloading and installing apps from unknown sources. It is also important for organizations to implement proper security measures to protect against such malicious apps and educate their employees about such phishing techniques.
Without any user interaction, it is not possible for such application to get installed and obtain permissions automatically. Here are some steps to protect yourself from this kind of application and a method for removing it, if a standard uninstall methods is unsuccessful.
You can remove the application with ADB, Android Debug Bridge if regular uninstallation does not work
- Connect to the device using USB
- Install ADB on your PC and enter below commands
- adb uninstall com.appser.verap
Only download and install apps from trusted sources such as the Google Play Store or Apple App Store (in case of Apple devices) and avoid downloading apps from third-party app stores or websites as they may be compromised.
If the application needs to be downloaded from third-party stores, consider scanning application on sites like virus total and other scanning platforms before proceeding.
Be cautious of apps that ask for unnecessary permissions, particularly those related to sensitive information such as contacts, text messages, or location data.
Be suspicious of apps that offer free content or services, especially those that promote adult or sexually explicit content.
Educate yourself and your employees about the common tactics used in phishing attacks and how to identify them.
Despite of not having any unusual activities on a device, this type of application could be present. Consider the presence of such application by navigating to accessibility services of your settings.
The analysis of the Trojan app was carried out by Nirmal Dahal and Niraj Kharel, with support from Yojan Dhakal, Pradip Bhattarai, Bhuwan Bhetwal, Bibek Dhungana, Aayush Shrestha, Aayushman Thapa Magar, and Anjil Sharma.
- Front Cover Trojan Horse Image Credit : v-graphix / Getty Image
- Report Created Using Figma